By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

and the Department of Homeland Security. DHS assures companies that their disclosures won't be made public, which had been a major stumbling block since the Protected Critical Infrastructure Information (PCII) program's establishment by the Critical Infrastructure Information Act of 2002.

"This Act provides for the establishment of a critical infrastructure information protection program that will exempt from disclosure to the general public any critical infrastructure information that the public may voluntarily provide to the department," according to the PCII program Web site. "The PCII program is designed to encourage private industry to share confidential, proprietary and sensitive business information about critical infrastructure with the government [to pursue] a more secure homeland, focusing primarily on analyzing and securing critical infrastructure and protected systems; developing risk assessments and vulnerabilities; and assisting with recovery."

Federal government requests for information on security breaches and weaknesses in critical infrastructure largely has fallen on deaf ears in the private sector, with industry reluctant to disclose details that could be made public through the Freedom of Information Act (FOIA) or other avenues.

"The plan is viable," said former White House cybersecurity advisor Howard Schmidt. "Under PCII you can get much more detailed information and determine whether an incident is general hacking activity or something that requires government action."

Critics in both the privacy and security arenas have voiced concerns that the law will allow big business to do "bad things with impunity," said Schmidt. "However, the vast majority want to work together to protect critical infrastructure -- it's not in anyone's best interest to use this law to cover up bad deeds, including their own."

PCII says the information may be used for many purposes, focusing primarily on analyzing and securing critical infrastructure and protected systems, risk and vulnerabilities assessments, and assisting with recovery as appropriate.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy